[cifs-protocol] [REG:114120512128317] MS-ADTS missing RevMembGetGroupsForUser as a transitive operation

Obaid Farooqi obaidf at microsoft.com
Fri Dec 5 10:43:01 MST 2014

Hi Andrew:
I'll help you with this issue and will be in touch as soon as I have an answer.

Obaid Farooqi
Escalation Engineer | Microsoft

Exceeding your expectations is my highest priority.  If you would like to provide feedback on your case you may contact my manager at nkang at Microsoft dot com

-----Original Message-----
From: Bryan Burgin 
Sent: Friday, December 5, 2014 1:04 AM
To: Andrew Bartlett; Obaid Farooqi
Cc: cifs-protocol at samba.org; MSSolve Case Email
Subject: [REG:114120512128317] MS-ADTS missing RevMembGetGroupsForUser as a transitive operation

[dochelp to bcc]

Hi Andrew,

Thank you for your question.  We created SR 114120512128317 to track this issue.  Obaid will work with you on this and will contact you soon.


-----Original Message-----
From: Andrew Bartlett [mailto:abartlet at samba.org] 
Sent: Thursday, December 4, 2014 4:53 PM
To: Interoperability Documentation Help
Cc: cifs-protocol at samba.org
Subject: MS-ADTS missing RevMembGetGroupsForUser as a transitive operation Server Behavior of the IDL_DRSGetMemberships Method

The pseudo-code has this hunk in it:

/* Calculate all other cases (where op ≠ GroupMembersInTransitive).*/
transitive := op in {RevMembGetAccountGroups, RevMembGetResourceGroups, RevMembGetUniversalGroups}

However, it does not list RevMembGetGroupsForUser referenced in MS-ADTS tokenGroups, tokenGroupsNoGCAcceptable, which is clearly a transitive operation, as it says:

These two computed attributes return the set of SIDs from a transitive group membership expansion operation on a given object.

Can you confirm the docs are incorrect, and that RevMembGetGroupsForUser should be in that list?


Andrew Bartlett
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba
